We download many files from the internet, but are they safe to use? Do you test the files you download before using them?
MD5 (Message-Digest algorithm 5) hashes can be used to confirm both files authenticity and integrity. How can we calculate the md5 hash of a file in linux?
Most of linux distributions come with the md5sum tool which serves to compute and check MD5 message digest. The md5sum tool has many options available, but the most important thing you need to know is how to calculate and compute md5 hashes with it.
Two different files can not have the same md5 hash, so if you have downloaded an Ubuntu iso from a mirror site and its md5 hash is different from the one in the ubuntuhashes page it means that your download is different from the official one. You can not trust it!
So, do you understand how important is to verify data integrity now? One can also use the md5sum tool to verify if a file is corrupted or not.
Everyone makes mistakes and forgets about testing files they download and I am sure there are many people out there that don't know anything about verifying data integrity. To be honest with you guys, I was one of them before.
I understand now that testing and verifying the files you download is very important. You may download and install a Trojan in your computer that steals your data or performs malicious activity on the internet, instead of installing the file you are looking for.
It is very serious! Never is too late and now it is time to learn a new skill that will help you to keep your machine safe from cyber criminals.
Ok geeks, time to open a new terminal.
1. The following command is used to compute and check MD5 message digest of a file.
The above command is very useful when you have only one file to check and test, but what is the best solution when you have many files?
2. Open your favourite text editor, paste the hashes (hashes in the official sites for these files) and filenames like shown in the following picture.
3. Save the text file and run the following command.
md5sum -c md5check.txt
"md5sum: WARNING: 1 computed checksum did NOT match", this means that the opensuse iso I have is not the official one because I compared it with the official hash and the computed cheksums did not match.
Note: The hash used for testing the opensuse iso is invented by me just for the purpose of this article.